Almost a third of organisations have been affected by cybercrime in the past 12 months, according to new research from Databarracks. In light of this, the business continuity expert suggests that organisations must look to invest in ongoing cyber awareness training, especially following the government's proposed fines for firms who fall victim to cyber-attacks.
As part of the Network and Information Systems (NIS) directive, which becomes law across the EU next May and is separate from the General Data Protection Regulation (GDPR), the government has warned that organisations could face fines of up to £17 million or 4 per cent of global turnover if they fail to protect against hackers. The crackdown is aimed at making sure essential services such as water, energy, transport and health firms are safeguarded against hacking attempts.
According to the government, the fines will be a last resort and they will not apply to organisations who have put the appropriate safeguards in place but have still suffered a breach. However, findings from Databarracks' seventh Data Health Check report, which surveyed over 400 IT decision makers in the UK about their IT security and continuity practices, show:
* 41 per cent of organisations have not invested in any safeguards over the last 12 months;
* Only 34 per cent of organisations have invested in cyber awareness training;